Commit 765b306c authored by Ray Strode's avatar Ray Strode

display: tie skeleton handlers to object lifetime

Right now we assume a display skeleton object won't
outlive its associated display object.

In theory that should be true, but if we accidentally
leak the skeleton it could erroneously happen.

If that does happen then we'll end accessing free'd
memory, so the leak will turn into a crasher.

This commit addresses this problem by ensuring
the skeleton signal handlers are disconnected when the
associated display object goes away.

CVE-2018-14424
parent 6060db70
......@@ -1109,18 +1109,18 @@ register_display (GdmDisplay *self)
self->priv->object_skeleton = g_dbus_object_skeleton_new (self->priv->id);
self->priv->display_skeleton = GDM_DBUS_DISPLAY (gdm_dbus_display_skeleton_new ());
g_signal_connect (self->priv->display_skeleton, "handle-get-id",
G_CALLBACK (handle_get_id), self);
g_signal_connect (self->priv->display_skeleton, "handle-get-remote-hostname",
G_CALLBACK (handle_get_remote_hostname), self);
g_signal_connect (self->priv->display_skeleton, "handle-get-seat-id",
G_CALLBACK (handle_get_seat_id), self);
g_signal_connect (self->priv->display_skeleton, "handle-get-x11-display-name",
G_CALLBACK (handle_get_x11_display_name), self);
g_signal_connect (self->priv->display_skeleton, "handle-is-local",
G_CALLBACK (handle_is_local), self);
g_signal_connect (self->priv->display_skeleton, "handle-is-initial",
G_CALLBACK (handle_is_initial), self);
g_signal_connect_object (self->priv->display_skeleton, "handle-get-id",
G_CALLBACK (handle_get_id), self, 0);
g_signal_connect_object (self->priv->display_skeleton, "handle-get-remote-hostname",
G_CALLBACK (handle_get_remote_hostname), self, 0);
g_signal_connect_object (self->priv->display_skeleton, "handle-get-seat-id",
G_CALLBACK (handle_get_seat_id), self, 0);
g_signal_connect_object (self->priv->display_skeleton, "handle-get-x11-display-name",
G_CALLBACK (handle_get_x11_display_name), self, 0);
g_signal_connect_object (self->priv->display_skeleton, "handle-is-local",
G_CALLBACK (handle_is_local), self, 0);
g_signal_connect_object (self->priv->display_skeleton, "handle-is-initial",
G_CALLBACK (handle_is_initial), self, 0);
g_dbus_object_skeleton_add_interface (self->priv->object_skeleton,
G_DBUS_INTERFACE_SKELETON (self->priv->display_skeleton));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment